Aggregator

CVE-2025-8286 | Güralp FMUS Series Seismic Monitoring Device Telnet-based Command Line Interface missing authentication (icsa-25-212-01 / EUVD-2025-23300)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability, which was classified as critical, was found in Güralp FMUS Series Seismic Monitoring Device. This affects an unknown part of the component Telnet-based Command Line Interface. The manipulation leads to missing authentication. This vulnerability is uniquely identified as CVE-2025-8286. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com

Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations

Check Point Research
8 months 3 weeks ago

Key Findings Introduction Check Point Research (CPR) has been closely monitoring the ongoing exploitation of a group of Microsoft SharePoint Server vulnerabilities collectively referred to as “ToolShell.” These active attacks leverage four vulnerabilities—CVE-2025-49704, CVE-2025-49706, CVE-2025-53770, and CVE-2025-53771—and are attributed to multiple China affiliated threat actors. Among the threat groups identified by Microsoft, two are known […]

The post Before ToolShell: Exploring Storm-2603’s Previous Ransomware Operations appeared first on Check Point Research.

[email protected]

CVE-2025-54832 | OPEXUS FOIAXpress Public Access Link 11.1.0 external control of assumed-immutable web parameter (EUVD-2025-23293)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in OPEXUS FOIAXpress Public Access Link 11.1.0. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to external control of assumed-immutable web parameter. The identification of this vulnerability is CVE-2025-54832. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54834 | OPEXUS FOIAXpress Public Access Link 11.1.0 /App/CreateRequest.aspx observable response discrepancy (EUVD-2025-23292)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability was found in OPEXUS FOIAXpress Public Access Link 11.1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /App/CreateRequest.aspx. The manipulation leads to observable response discrepancy. This vulnerability is handled as CVE-2025-54834. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2025-54833 | OPEXUS FOIAXpress Public Access Link 11.1.0 CAPTCHA excessive authentication (EUVD-2025-23291)

VulDB Recent Entries
8 months 3 weeks ago
A vulnerability has been found in OPEXUS FOIAXpress Public Access Link 11.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component CAPTCHA Handler. The manipulation leads to improper restriction of excessive authentication attempts. This vulnerability is known as CVE-2025-54833. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

Threat Actors Use Malicious RMM Tools for Stealthy Initial Access to Organizations

GBHackers on Security | #1 Globally Trusted Cyber Security News Platform
8 months 3 weeks ago

A small increase in targeted cyberattacks that make use of Remote Monitoring and Management (RMM) capabilities that are embedded in PDF documents has been seen by WithSecure. These campaigns primarily focus on organizations in France and Luxembourg, employing socially engineered emails to deliver innocuous PDFs containing hyperlinks to legitimate RMM installers. This method effectively circumvents […]

The post Threat Actors Use Malicious RMM Tools for Stealthy Initial Access to Organizations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Aman Mishra

Managed ad